Translator: H_L Au
Reviewer: NAN-KUN WU
00:12
I want you to travel back in time with me,
00:17
to the before time, to 2017.
00:21
I don't know if you can remember it,
00:22
dinosaurs were roaming the earth.
00:24
I was a security researcher,
00:26
I had spent about five or six years
00:29
doing research on the ways in which APTs,
00:32
which is short for advanced persistent threats,
00:37
which stands for nation-state actors,
00:40
spy on journalists and activists
00:44
and lawyers and scientists
00:47
and just generally people who speak truth to power.
00:50
And I'd been doing this for a while
00:53
when I discovered that one of my fellow researchers,
00:57
with whom I had been doing this all this time,
01:00
was allegedly a serial rapist.
01:06
So the first thing that I did
01:09
was I read a bunch of articles about this.
01:12
And in January of 2018,
01:15
I read an article with some of his alleged victims.
01:20
And one of the things that really struck me about this article
01:24
is how scared they were.
01:26
They were really frightened,
01:27
they had, you know, tape over the cameras on their phones
01:32
and on their laptops,
01:34
and what they were worried about was that he was a hacker
01:37
and he was going to hack into their stuff
01:39
and he was going to ruin their lives.
01:41
And this had kept them silent for a really long time.
01:44
So, I was furious.
01:49
And I didn't want anyone to ever feel that way again.
01:52
So I did what I usually do when I'm angry:
01:55
I tweeted.
01:57
(Laughter)
01:59
And the thing that I tweeted
02:00
was that if you are a woman who has been sexually abused by a hacker
02:04
and that hacker has threatened to break into your devices,
02:08
that you could contact me
02:09
and I would try to make sure
02:11
that your device got a full, sort of, forensic look over.
02:16
And then I went to lunch.
02:19
(Laughter)
02:21
Ten thousand retweets later,
02:23
(Laughter)
02:25
I had accidentally started a project.
02:30
So every morning, I woke up and my mailbox was full.
02:34
It was full of the stories of men and women
02:40
telling me the worst thing that had ever happened to them.
02:45
I was contacted by women who were being spied on by men,
02:50
by men who were being spied on by men,
02:52
by women who were being spied on by women,
02:54
but the vast majority of the people contacting me
02:57
were women who had been sexually abused by men
03:00
who were now spying on them.
03:03
The one particularly interesting case
03:05
involved a man who came to me,
03:07
because his boyfriend had outed him as gay
03:12
to his extremely conservative Korean family.
03:15
So this is not just men-spying-on-women issue.
03:22
And I'm here to share
03:25
what I learned from this experience.
03:28
What I learned is that data leaks.
03:32
It's like water.
03:34
It gets in places you don't want it.
03:35
Human leaks.
03:37
Your friends give away information about you.
03:39
Your family gives away information about you.
03:42
You go to a party,
03:43
somebody tags you as having been there.
03:46
And this is one of the ways
03:48
in which abusers pick up information about you
03:50
that you don't otherwise want them to know.
03:52
It is not uncommon for abusers to go to friends and family
03:57
and ask for information about their victims
04:01
under the guise of being concerned about their "mental health."
04:05
A form of leak that I saw
04:08
was actually what we call account compromise.
04:11
So your Gmail account,
04:14
your Twitter account,
04:17
your Instagram account,
04:19
your iCloud,
04:22
your Apple ID,
04:23
your Netflix, your TikTok --
04:25
I had to figure out what a TikTok was.
04:28
If it had a login,
04:30
I saw it compromised.
04:33
And the reason for that is because your abuser is not always your abuser.
04:37
It is really common for people in relationships to share passwords.
04:42
Furthermore, people who are intimate,
04:44
who know a lot about each other,
04:46
can guess each other's security questions.
04:48
Or they can look over each other's shoulders
04:50
to see what code they're using in order to lock their phones.
04:53
They frequently have physical access to the phone,
04:56
or they have physical access to the laptop.
04:59
And this gives them a lot of opportunity
05:03
to do things to people's accounts,
05:06
which is very dangerous.
05:08
The good news is that we have advice
05:11
for people to lock down their accounts.
05:13
This advice already exists, and it comes down to this:
05:17
Use strong, unique passwords for all of your accounts.
05:23
Use more strong, unique passwords
05:26
as the answers to your security questions,
05:30
so that somebody who knows the name of your childhood pet
05:33
can't reset your password.
05:36
And finally, turn on the highest level of two-factor authentication
05:41
that you're comfortable using.
05:43
So that even if an abuser manages to steal your password,
05:47
because they don't have the second factor,
05:49
they will not be able to log into your account.
05:52
The other thing that you should do
05:54
is you should take a look at the security and privacy tabs
05:59
for most of your accounts.
06:01
Most accounts have a security or privacy tab
06:03
that tells you what devices are logging in,
06:07
and it tells you where they're logging in from.
06:10
For example, here I am,
06:11
logging in to Facebook from the La Quinta,
06:13
where we are having this meeting,
06:15
and if for example,
06:17
I took a look at my Facebook logins
06:19
and I saw somebody logging in from Dubai,
06:22
I would find that suspicious,
06:24
because I have not been to Dubai in some time.
06:28
But sometimes, it really is a RAT.
06:31
If by RAT you mean remote access tool.
06:34
And remote access tool
06:37
is essentially what we mean when we say stalkerware.
06:41
So one of the reasons why getting full access to your device
06:45
is really tempting for governments
06:48
is the same reason why getting full access to your device
06:50
is tempting for abusive partners and former partners.
06:57
We carry tracking devices around in our pockets all day long.
07:01
We carry devices that contain all of our passwords,
07:04
all of our communications,
07:07
including our end-to-end encrypted communications.
07:09
All of our emails, all of our contacts,
07:13
all of our selfies are all in one place,
07:16
often our financial information is also in this place.
07:20
And so, full access to a person's phone
07:23
is the next best thing to full access to a person's mind.
07:28
And what stalkerware does is it gives you this access.
07:33
So, you may ask, how does it work?
07:37
The way stalkerware works
07:39
is that it's a commercially available program,
07:42
which an abuser purchases,
07:46
installs on the device that they want to spy on,
07:49
usually because they have physical access
07:51
or they can trick their target into installing it themselves,
07:56
by saying, you know,
07:58
"This is a very important program you should install on your device."
08:01
And then they pay the stalkerware company
08:06
for access to a portal,
08:08
which gives them all of the information from that device.
08:12
And you're usually paying something like 40 bucks a month.
08:15
So this kind of spying is remarkably cheap.
08:21
Do these companies know
08:23
that their tools
08:28
are being used as tools of abuse?
08:30
Absolutely.
08:32
If you take a look at the marketing copy for Cocospy,
08:34
which is one of these products,
08:36
it says right there on the website
08:39
that Cocospy allows you to spy on your wife with ease,
08:43
"You do not have to worry about where she goes,
08:45
who she talks to or what websites she visits."
08:48
So that's creepy.
08:50
HelloSpy, which is another such product,
08:54
had a marketing page in which they spent most of their copy
08:58
talking about the prevalence of cheating
09:00
and how important it is to catch your partner cheating,
09:03
including this fine picture of a man
09:06
who has clearly just caught his partner cheating
09:09
and has beaten her.
09:10
She has a black eye, there is blood on her face.
09:12
And I don't think that there is really a lot of question
09:17
about whose side HelloSpy is on in this particular case.
09:21
And who they're trying to sell their product to.
09:26
It turns out that if you have stalkerware on your computer or on your phone,
09:32
it can be really difficult to know whether or not it's there.
09:36
And one of the reasons for that
09:38
is because antivirus companies
09:40
often don't recognize stalkerware as malicious.
09:47
They don't recognize it as a Trojan
09:49
or as any of the other stuff that you would normally find
09:52
that they would warn you about.
09:54
These are some results from earlier this year from VirusTotal.
09:58
I think that for one sample that I looked at
10:00
I had something like a result of seven out of 60
10:05
of the platforms recognized the stalkerware that I was testing.
10:09
And here is another one where I managed to get 10,
10:12
10 out of 61.
10:14
So this is still some very bad results.
10:19
I have managed to convince a couple of antivirus companies
10:23
to start marking stalkerware as malicious.
10:26
So that all you have to do
10:27
if you're worried about having this stuff on your computer
10:30
is you download the program,
10:33
you run a scan and it tells you
10:36
"Hey, there's some potentially unwanted program on your device."
10:39
It gives you the option of removing it,
10:42
but it does not remove it automatically.
10:44
And one of the reasons for that
10:45
is because of the way that abuse works.
10:47
Frequently, victims of abuse aren't sure
10:50
whether or not they want to tip off their abuser
10:53
by cutting off their access.
10:55
Or they're worried that their abuser is going to escalate to violence
11:01
or perhaps even greater violence
11:03
than they've already been engaging in.
11:07
Kaspersky was one of the very first companies
11:10
that said that they were going to start taking this seriously.
11:13
And in November of this year,
11:16
they issued a report in which they said
11:18
that since they started tracking stalkerware among their users
11:23
that they had seen an increase of 35 percent.
11:29
Likewise, Lookout came out with a statement
11:32
saying that they were going to take this much more seriously.
11:36
And finally, a company called Malwarebytes also put out such a statement
11:40
and said that they had found 2,500 programs
11:45
in the time that they had been looking,
11:47
which could be classified as stalkerware.
11:50
Finally, in November I helped to launch a coalition
11:56
called the Coalition Against Stalkerware,
11:59
made up of academics,
12:04
people who are doing this sort of thing on the ground --
12:07
the practitioners of helping people to escape from intimate partner violence --
12:13
and antivirus companies.
12:16
And our goal is both to educate people about these programs,
12:21
but also to convince the antivirus companies
12:25
to change the norm
12:26
in how they act around this very scary software,
12:32
so that soon, if I get up in front of you
12:35
and I talk to you about this next year,
12:37
I could tell you that the problem has been solved,
12:40
and all you have to do is download any antivirus
12:42
and it is considered normal for it to detect stalkerware.
12:47
That is my hope.
12:48
Thank you very much.
12:50
(Applause)